Conditional Access on the Device
For devices that meet the requirements of a compliance policy, accessing resources is seamless. Once a device registers, the user receives access to all authorized resources and applications.
Devices configured for Microsoft Share Mode Registration automatically register to Azure Active Directory. To register a non-Android Enterprise device as Microsoft Share Mode Registration, you must unregister and unenroll it. Re-enroll the device as work managed and register it as Microsoft Share Mode Registration.
When opening a Microsoft 365 application such as Microsoft Teams on an unregistered device, the user must select Authenticate to register it as Microsoft User Mode.
The following example shows access to Microsoft Teams denied on a registered user device because the device does not meet the requirements of the compliance policy. This applies to both Microsoft User Mode Registration and Microsoft Share Mode Registration.
When opening a Microsoft 365 application such as Microsoft Teams on an unregistered device, the user must select Authenticate to register it as Microsoft User Mode.
The following example shows access to Microsoft Teams denied on a registered user device because the device does not meet the requirements of the compliance policy. This applies to both Microsoft User Mode Registration and Microsoft Share Mode Registration.
For troubleshooting tips, see the following:
1. Error On First-time Registration with Azure